> ## Documentation Index > Fetch the complete documentation index at: https://docs.whop.com/llms.txt > Use this file to discover all available pages before exploring further. # Create access token > Create a short-lived access token for authenticating API requests. When using API key authentication, provide company_id or user_id. When using OAuth, the user is derived from the token. Use this token with Whop's web and mobile embedded components. ## OpenAPI ````yaml https://app.stainless.com/api/spec/documented/whopsdk/openapi.documented.yml post /access_tokens openapi: 3.1.0 info: title: Whop API description: >- The Whop REST API. Please see https://docs.whop.com/developer/api/getting-started for more details. termsOfService: https://whop.com/tos-developer-api/ version: 1.0.0 servers: - url: https://api.whop.com/api/v1 description: Production Whop API security: [] tags: - name: Products description: Products - name: Plans description: Plans - name: Payments description: Payments - name: Refunds description: Refunds - name: Disputes description: Disputes - name: Dispute alerts description: Dispute alerts - name: Resolution center cases description: Resolution center cases - name: Checkout configurations description: Checkout configurations - name: Setup intents description: Setup intents - name: Payment methods description: Payment methods - name: Invoices description: Invoices - name: Promo codes description: Promo codes - name: Card transactions description: Card transactions - name: Ledger accounts description: Ledger accounts - name: Transfers description: Transfers - name: Withdrawals description: Withdrawals - name: Payout methods description: Payout methods - name: Verifications description: Verifications - name: Payout accounts description: Payout accounts - name: Topups description: Topups - name: Users description: Users - name: Companies description: Companies - name: Authorized users description: Authorized users - name: Fee markups description: Fee markups - name: Members description: Members - name: Memberships description: Memberships - name: Leads description: Leads - name: Entries description: Entries - name: Shipments description: Shipments - name: Reviews description: Reviews - name: Company token transactions description: Company token transactions - name: Affiliates description: Affiliates - name: Experiences description: Experiences - name: Forums description: Forums - name: Forum posts description: Forum posts - name: Chat channels description: Chat channels - name: Support channels description: Support channels - name: Messages description: Messages - name: Reactions description: Reactions - name: Dm members description: Dm members - name: Dm channels description: Dm channels - name: Notifications description: Notifications - name: Courses description: Courses - name: Course chapters description: Course chapters - name: Course lessons description: Course lessons - name: Course students description: Course students - name: Course lesson interactions description: Course lesson interactions - name: Apps description: Apps - name: Webhooks description: Webhooks - name: App builds description: App builds - name: Access tokens description: Access tokens - name: Account links description: Account links - name: Files description: Files - name: Ai chats description: Ai chats - name: Bounties description: Bounties - name: Stats description: Stats - name: Ad campaigns description: Ad campaigns - name: Ad groups description: Ad groups - name: Ads description: Ads - name: Conversions description: Conversions paths: /access_tokens: post: tags: - Access tokens summary: Create access token description: >- Create a short-lived access token for authenticating API requests. When using API key authentication, provide company_id or user_id. When using OAuth, the user is derived from the token. Use this token with Whop's web and mobile embedded components. operationId: createAccessToken parameters: [] requestBody: required: false content: application/json: schema: type: object properties: company_id: type: - string - 'null' description: >- The unique identifier of the company to generate the token for, starting with 'biz_'. The API key must have permission to access this company. example: biz_xxxxxxxxxxxxxx expires_at: type: - string - 'null' format: date-time description: >- The expiration timestamp for the access token. Defaults to 1 hour from now, with a maximum of 3 hours. example: '2023-12-01T05:00:00.401Z' scoped_actions: type: - array - 'null' items: type: string description: >- Represents textual data as UTF-8 character sequences. This type is most often used by GraphQL to represent free-form human-readable text. description: >- An array of permission scopes to grant to the access token. If empty or omitted, all permissions from the authenticating credential are inherited. Must be a subset of the credential's permissions. user_id: type: - string - 'null' description: >- The unique identifier of the user to generate the token for, starting with 'user_'. The API key must have permission to access this user. example: user_xxxxxxxxxxxxx required: [] description: Parameters for CreateAccessToken responses: '200': description: A successful response content: application/json: schema: $ref: '#/components/schemas/AccessToken' '400': description: Bad request content: application/json: schema: type: object properties: error: type: object properties: type: type: string message: type: string code: type: - string - 'null' description: >- A short string indicating the specific error code, e.g. 'parameter_missing', 'parameter_invalid', 'invalid_json' param: type: - string - 'null' description: The parameter that caused the error, if applicable required: - type - message required: - error example: error: type: invalid_request_error code: parameter_missing message: 'Missing required parameter: amount.' param: amount '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: object properties: type: type: string message: type: string code: type: - string - 'null' description: >- A short string indicating the specific error code, e.g. 'parameter_missing', 'parameter_invalid', 'invalid_json' param: type: - string - 'null' description: The parameter that caused the error, if applicable required: - type - message required: - error example: error: type: unauthorized message: Invalid or missing API key '403': description: Forbidden content: application/json: schema: type: object properties: error: type: object properties: type: type: string message: type: string code: type: - string - 'null' description: >- A short string indicating the specific error code, e.g. 'parameter_missing', 'parameter_invalid', 'invalid_json' param: type: - string - 'null' description: The parameter that caused the error, if applicable required: - type - message required: - error example: error: type: forbidden message: You do not have permission to access this resource '404': description: Not found content: application/json: schema: type: object properties: error: type: object properties: type: type: string message: type: string code: type: - string - 'null' description: >- A short string indicating the specific error code, e.g. 'parameter_missing', 'parameter_invalid', 'invalid_json' param: type: - string - 'null' description: The parameter that caused the error, if applicable required: - type - message required: - error example: error: type: not_found message: Resource not found '422': description: Verification required content: application/json: schema: type: object properties: error: type: object properties: type: type: string message: type: string code: type: - string - 'null' description: >- A short string indicating the specific error code, e.g. 'parameter_missing', 'parameter_invalid', 'invalid_json' param: type: - string - 'null' description: The parameter that caused the error, if applicable required: - type - message required: - error example: error: null '500': description: Internal server error content: application/json: schema: type: object properties: error: type: object properties: type: type: string message: type: string code: type: - string - 'null' description: >- A short string indicating the specific error code, e.g. 'parameter_missing', 'parameter_invalid', 'invalid_json' param: type: - string - 'null' description: The parameter that caused the error, if applicable required: - type - message required: - error example: error: type: internal_server_error message: An unexpected error occurred security: - bearerAuth: [] x-codeSamples: - lang: JavaScript source: |- import Whop from '@whop/sdk'; const client = new Whop({ apiKey: process.env['WHOP_API_KEY'], // This is the default and can be omitted }); const accessToken = await client.accessTokens.create(); console.log(accessToken.token); - lang: Python source: |- import os from whop_sdk import Whop client = Whop( api_key=os.environ.get("WHOP_API_KEY"), # This is the default and can be omitted ) access_token = client.access_tokens.create() print(access_token.token) - lang: Ruby source: |- require "whop_sdk" whop = WhopSDK::Client.new(api_key: "My API Key") access_token = whop.access_tokens.create puts(access_token) components: schemas: AccessToken: type: object properties: token: type: string description: >- The signed JWT access token string to include in API request Authorization headers. expires_at: type: string format: date-time description: >- The timestamp after which this access token is no longer valid and must be refreshed. example: '2023-12-01T05:00:00.401Z' required: - token - expires_at description: >- A short-lived access token used to authenticate API requests on behalf of a user. securitySchemes: bearerAuth: type: http description: >- A company API key, company scoped JWT, app API key, or user OAuth token. You must prepend your key/token with the word 'Bearer', which will look like `Bearer ***************************` scheme: bearer bearerFormat: auth-scheme ````